Malware for Apple’s macOS Targets Cryptocurrency Exchange Platform’s Blockchain Engineers: Report

New malware affecting Apple’s macOS was found targeting blockchain engineers at a cryptocurrency exchange platform. The malware, nicknamed “KandyKorn,” is attributed to the North Korean hacking group Lazarus.

Attackers pose as members of the cryptocurrency community on Discord channels to spread Python-based modules that trigger a multi-step KandyKorn infection chain, as reported by Bleeping Computer.

The campaign aims to access and steal data from the infected computer while avoiding detection, which it does by hijacking the real Discord app after a series of binary renaming actions.

Attackers approach members of the crypto community on Discord channels using social engineering attacks to trick them into downloading a malicious ZIP archive named “Cross-platform Bridges.zip”.

Victims are misled into believing that they are downloading a legitimate arbitrage bot designed for automated generation of profits from crypto transactions. However, the Python script imports modules that decompress and execute scripts, which subsequently establish a connection with the command and control server to obtain and load the final payload, KandyKorn, into the system’s memory, the report said.

In the final stage, the attackers use a loader that impersonates Discord and employs the macOS binary code-signing techniques seen in past Lazarus campaigns.

The malware was first detected by Elastic Security and, based on overlaps with past campaigns, is attributed to the Lazarus group.

The existence of the malware highlights that macOS is well within the group’s reach. The Lazarus Group targets the cryptocurrency industry primarily for financial gain rather than espionage, another area the group focuses on.
